Suppress rule suricata

arz_Future · August 8, 2023, 2:56pm

I set up suricata and while receiving traffic and collecting alerts I noticed that I had false positives and used suppress
How to use it like this:
I created a suppress.rule file and inside this file
suppress gen_id 1; sig_id 1000002; track by_src; IP 192.168.44.129
I put
And inside suricata.yml, I also put the suppress.rule path, but it still produces the warning that I didn’t want.

sbhardwaj · August 9, 2023, 12:08pm

Hi, @arz_Future ! Welcome to our forum!

I believe you’re supposed to use small IP and commas are to be used so,

suppress gen_id 1, sig_id 1000002, track by_src, ip 192.168.44.129

Please try this and see if the issue still persists.

Topic		Replies	Views
Suricata suppress rule error Help rules , suricata	2	311	July 25, 2023
Rule threshold configuration Rules rules , suricata	2	1476	May 12, 2022
Suricata Suppress Rules Not Working Rules rules , suricata	4	157	May 16, 2024
Suppress alerts around known false positive! Rules	8	2573	August 16, 2023
Suricata ignore Rule by IP	3	2783	July 26, 2021

Suppress rule suricata

Related Topics